GoDaddy-hjælp

How to set up an FTP server on Ubuntu 14.04

Setting up a fully-functional and highly secure FTP server on Ubuntu is made very easy with a handful of key components and a couple minutes of your time. From anonymous FTP access, root directory restrictions, or even fully encrypted transfers using SSL, this tutorial provides all the basics you'll need to quickly get your FTP server up and running.

DIFFICULTY

Basic - 1 | Medium - 2 | Advanced - 3

TIME REQUIRED

20 min

RELATED PRODUCTS

Ubuntu-based VPS or dedicated servers

Installing vsftpd

While there are a variety of FTP server tools available for Linux, one of the most popular and mature options is vsftpd.

Begin by SSHing into your server as root and use the apt-get command to install vsftpd:

Configuration

The next step is to change any configuration settings for vsftpd. Open the /etc/vsftpd.conf file in your preferred text editor:

$ nano /etc/vsftpd.conf

Edit the file so it resembles the following:

# Example config file /etc/vsftpd.conf
# ...
# Run standalone? vsftpd can run either from an inetd or as a standalone
# daemon started from an initscript.
listen=YES
#
# Allow anonymous FTP? (Disabled by default)
anonymous_enable=NO
#
# Uncomment this to allow local users to log in.
local_enable=YES
#
# Uncomment this to enable any form of FTP write command.
#write_enable=YES
# You may restrict local users to their home directories. See the FAQ for
# the possible risks in this before using chroot_local_user or
# chroot_list_enable below.
#chroot_local_user=YES

The critical settings seen above are outlined below:

listen=YES tells vsftpd to run as a standalone daemon (the simplest method for getting up and running).
anonymous_enable=NO disallows anonymous FTP users, which is generally preferred for security reasons but can be enabled for testing purposes.

local_enable=YES allows any user account defined in the /etc/passwd file access to the FTP server and is generally how most FTP users will connect.

write_enable=YES is commented out by default, but removing the hash (#) allows files to be uploaded to the FTP server.
chroot_local_user=YES restricts users to their home directory and is also commented out by default.

To begin your testing and make sure everything is working, start with the following settings for the above parameters:

Using Writeable Subdirectories

The other option to maintain slightly stronger security is not to enable allow_writeable_chroot as outlined above, but instead to create a new subdirectory in the user's root directory with write access:

Now when you connect remotely to your FTP server as the new user, that user will not have write access to the root directory, but will instead have full write access to upload files into the newly created uploads directory instead.

Securing Your FTP With SSL

While standard unencrypted FTP access as outlined so far is sufficient in many cases, when transferring sensitive information over FTP it is useful to utilize a more secure connection using SSL.

To begin you'll likely need to generate a new SSL certificate with the following command, following the prompts as appropriate to complete the process:

Some of the settings are self-explanatory, but the key components are the overall enabling of SSL, the restriction to use only TLS, and disallowing anonymous access.

With the settings added and the file saved, once again restart the vsftpd service:

$ sudo service vsftpd restart

Now your FTP server is ready to accept secure connections using "FTP over TLS" encryption. Using a client such as FileZilla, you will be presented with a certificate popup asking to verify the newly created SSL certification.

Upon accepting you will now be securely connected and transfers will be encrypted via SSL: